Solved: Re: Inter Vlan routing problem

Attila123 · ‎05-22-2020

Hello Everyone,

I have an IT testlab with a Cisco 880 VA router. It has 4 switchports (FA0-3). I use these switchports only, as for some reason I can't configure the atm/eth0 port.

Configuration: I have got two Vlans: Vlan1 and Vlan2. FA/1, FA/2, FA/3 are parts of Vlan1 a local LAN. Vlan1 has got a permanent IP address, configured by a dhcp server.

FA/0 is part of Vlan2 and Vlan2 has got a static IP address.

I configured static route from Vlan1 network using Vlan2 ip address as exit interface and also a static route from Vlan2 network using Vlan1 ip address as exit interface. But it doesn't work and I don't understand why. I read through L3 switching and router on the stick, but they don't seem to apply for this scenario.
Can someone help me please?

Thank you,

Attila

Show Run Full

!
version 15.7
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
no aaa new-model
memory-size iomem 10
!!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-M-K9 sn FCZ164690P4
!
controller VDSL 0
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet1
switchport mode access
no ip address
!
interface FastEthernet2
switchport mode access
no ip address
!
interface FastEthernet3
switchport mode access
no ip address
!
interface Vlan1
ip address dhcp
!
interface Vlan2
ip address 192.168.20.2 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 192.168.10.0 255.255.255.0 Vlan2
ip route 192.168.10.0 255.255.255.0 192.168.20.1
ip route 192.168.20.0 255.255.255.0 Vlan1
!
ipv6 ioam timestamp
!
!
control-plane
!
!
vstack

Show IP route

Gateway of last resort is not set

192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan1
L 192.168.10.3/32 is directly connected, Vlan1
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, Vlan2
L 192.168.20.2/32 is directly connected, Vlan2

Show int Vlan1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is e4d3.f168.b328 (bia e4d3.f168.b328)
Internet address is 192.168.10.3/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:50:24, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1100 packets input, 91268 bytes, 0 no buffer
Received 896 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
124 packets output, 26828 bytes, 0 underruns
0 output errors, 1 interface resets
135 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Show int Vlan2

Vlan2 is up, line protocol is up
Hardware is EtherSVI, address is e4d3.f168.b328 (bia e4d3.f168.b328)
Internet address is 192.168.20.2/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 01:14:17, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
597 packets input, 85153 bytes, 0 no buffer
Received 426 broadcasts (10 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
32 packets output, 3174 bytes, 0 underruns
0 output errors, 1 interface resets
11 unknown protocol drops

Richard Burts · ‎05-27-2020

Attila

Thanks for the update. Glad to know that you have it working now. The fact that the solution was to stop using DHCP on the win server and implement it on the router confirms my suggestion that your router configs were ok and that the problem was something on the hosts.

It is good that you learned a lot doing this. I hope you will continue to learn about routing and switching and continue to be active in the community.

HTH

Rick

View solution in original post

Georg Pauwen · ‎05-22-2020

Hello,

make sure Vlan 2 actually exists on your router. You need to manually create it:

880#conf t

880(config)#vlan 2

Attila123 · ‎05-22-2020

Thank you, I have already created, but vlans don't seem to access each other.

Richard Burts · ‎05-22-2020

If it is not working I would suggest these things to do:

- post current config

- from the device in vlan 2

-- can it ping the vlan 2 IP address

-- can it ping the vlan 1 IP address

-- can it ping the device in vlan 1

- from the device in vlan 1

-- can it ping the vlan 1 IP address

-- can it ping the vlan 2 IP address

-- can it ping the device in vlan 2

If it does not work this process should show where it is breaking down.

HTH

Rick

Georg Pauwen · ‎05-22-2020

Hello,

I don't want to ask redundant questions in addition to Rick's remarks, but can you see both Vlan interfaces when you do a 'show ip route' ? Can you ping the IP addresses of both interfaces from the router itself ?

Richard Burts · ‎05-22-2020

There are several issues with the routing statements that you have configured.

You have 2 route statements for the subnet of vlan 1. I am not sure why. And both of them are not correct. In effect both of them say that we should get to vlan 1 by going to vlan 2.

ip route 192.168.10.0 255.255.255.0 Vlan2
ip route 192.168.10.0 255.255.255.0 192.168.20.1

You have 1 route statement for the subnet of vlan 2. And it says that to get to vlan 2 we should go to vlan 1
ip route 192.168.20.0 255.255.255.0 Vlan1

Both of these subnets are locally connected and as such do not need any route statements. As currently configured the device in vlan 2 should be able to access all devices in vlan 1. And the devices in vlan 1 should be able to access the device in vlan 2. None of the devices would be able to access outside resources (and that probably will be resolved as you figure out how to configure and use the Ethernet/atm interface(s)+.

HTH

Rick

Attila123 · ‎05-22-2020

Thank you Rick for taking time to look into my config. :)
My problem is when I try to ping devices in vlan 1 from vlan 2 I get100% packet loss, and vica-versa. Meaning I have a device in vlan2 with ip address 192.168.20.1 and when I try to ping for example 192.168.10.1 (which is the dhcp server in Vlan1) 100% loss. When I try to ping 192.168.10.3 (which is the ip of Vlan1) also 100% loss and it says I can't ping the router itself. So it seems like they don't see each other, or I'm very confused.

Georg Pauwen · ‎05-22-2020

Hello,

I am not sure you posted the entire config, but I think by default the router has 'no ip routing' configured, make sure you have that enabled globally (ip routing):

880#conf t

880(config)#ip routing

That said, where are you pinging from, and what default gateway do your clients have configured ?

paul driver · ‎05-23-2020

Hello

Just like to ask - Have you created vlan 2 in the vlan database otherwise you wouldnt get connectivity between vlan1 -2
conf t
vlan 2

exit

Lasty as suggested by Rick, remove the static routes as they are not required inter-vlan communication

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Richard Burts · ‎05-23-2020

Attila

If the devices in vlan 1 and 2 are PCs would you post the output of ipconfig (and if not PCs then the output of the appropriate command to display their IP address, mask, and default gateway)? Also please try the ping again and then immediately do arp -a (or other appropriate command to show the arp table) and post that output.

Also would you post the output on the router to the command show arp.

HTH

Rick

Attila123 · ‎05-24-2020

Dear Gentlemen,

I have attached my full network infrastructure to this message. I'm sorry I can't make png or jpg posted here.
This is the full config and pings belong to the network. With your suggestions I have solved most of the problems. The only thing I don't understand is why I can't ping from Router1, or Router2 into the 192.168.10.0 network, although from the DHCP server of this network I can ping all the router interfaces, including 192.168.0.47, which is the interface to the network of the ISP-s router.

Thank you for your help and insight.

Kind regards,

Attila

Router 1 show run full (sh run conf doesn't work)

Current configuration : 1315 bytes
!
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 10
!
ip cef
no ipv6 cef
!
controller VDSL 0
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
switchport access vlan 2
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address dhcp
!
interface Vlan2
ip address 192.168.20.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 192.168.10.0 255.255.255.0 192.168.20.2 150

Router 1 pings

ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/12 ms
ping 192.168.0.47
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.47, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 192.168.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/12 ms
ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)

Router 2 show run full

Current configuration : 1493 bytes
!
version 15.7
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 10
!
ip cef
no ipv6 cef
controller VDSL 0
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet1
switchport mode access
no ip address
!
interface FastEthernet2
switchport mode access
no ip address
!
interface FastEthernet3
switchport mode access
no ip address
!
interface Vlan1
ip address dhcp
!
interface Vlan2
ip address 192.168.20.2 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 192.168.0.0 255.255.255.0 192.168.20.1
!
ipv6 ioam timestamp
!
control-plane
!
!
vstack
!
Router 2 Pings

ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 192.168.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 192.168.0.47
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.47, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ping 192.168.0.28
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.28, timeout is 2 seconds:
Success rate is 0 percent (0/5)

Richard Burts · ‎05-24-2020

Attila

The original post was about attempting ping between devices on 2 vlans on a single router. Now we are discussing ping where there are 2 routers, 2 LAN subnets, and a transit vlan. That is a significantly different environment.

I have looked at the posted configs and do not see any significant issues in them. (we might talk about the fact that the static route for 192.168.0.0 on router 2 is not needed - but that is not important to your real question here). I see that router 1 pings are successful for every destination except for 192.168.10.1 and 192.168.10.2. And I see that router 2 pings are successful except for the same 2 destinations. So I believe that the problem here is not at all related to the router configurations. I believe that the router configurations are quite acceptable.

If a ping from the router interface to a locally connected device fails then it is not a routing issue. Perhaps there is something like a firewall running on these devices (or some other type of security environment) that does not allow ping? Or perhaps there is some other issue?

If you are sure that there is no firewall or other security restriction on those devices then we need to investigate further. Please post from the router the output of show interface vlan 1 and of show arp. From the devices please post the output of ipconfig and of arp -a (or other appropriate commands if they are not Windows devices).

HTH

Rick

Attila123 · ‎05-27-2020

Hello Richard, George and Paul,

I finally disabled dhcp on the win server and I configured Router2 as a dhcp server and set dna on the nics. It all solved my problems. Thank you very much for your time and effort.

I learnt a lot about switching and routing in the last few days.

Best Regards,

Attila

Richard Burts · ‎05-27-2020

Attila

Thanks for the update. Glad to know that you have it working now. The fact that the solution was to stop using DHCP on the win server and implement it on the router confirms my suggestion that your router configs were ok and that the problem was something on the hosts.

It is good that you learned a lot doing this. I hope you will continue to learn about routing and switching and continue to be active in the community.

HTH

Rick

Attila123 · ‎05-24-2020

Hello Paul,
Thank you for your time.
Yes, I have created VLAN 2 and deleted unnecessary routes.
I post my full configuration with the network infrastructure below.
Kind regards,
Attila